Permissions

Learn how to use role-based permissions.

Server-side roles check

Importing @workspace/auth/permissions gives you the following helpers:

  • isOrganizationOwner(userId, organizationId)
  • isOrganizationAdmin(userId, organizationId)
  • isOrganizationMember(userId, organizationId)

You can check the permission for the active organization on the server side like this:

permission-example.ts
import { getAuthOrganizationContext } from '@workspace/auth/context';
import { isOrganizationAdmin } from '@workspace/auth/permissions';

const ctx = await getAuthOrganizationContext();
const isAdmin = await isOrganizationAdmin(
  ctx.session.user.id,
  ctx.organization.id
);

Please note that you can pass in any userId or organizationId; they don't have to come from a session context.

Client-side roles check

The profile object returned by the server-side getProfile() call contains the active organization permissions:

profile-example.ts
type ActiveOrganizationPermissions = { isOwner: boolean; role: Role };

The values are transient and not cached. Passing the profile object to any client component enables you to do permission checks on the client.
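
Client-side checks decide what the UI shows; the server still has to re-check the role for the organization a request targets. The following is an added example, not code from the project: the Role values, the Membership shape, MEMBERSHIPS, RenameInput and renameOrganization are assumptions, and isOrganizationAdmin here is an in-memory stand-in that only mirrors the call shape of the helper above.

```typescript
// Added example: in-memory stand-ins, not the @workspace/auth implementation.
type Role = 'admin' | 'member'; // assumed values; the page does not list them
type Membership = { userId: string; organizationId: string; role: Role; isOwner: boolean };

// Constructed sample data standing in for the membership store.
const MEMBERSHIPS: Membership[] = [
  { userId: 'u1', organizationId: 'org-a', role: 'admin', isOwner: true },
  { userId: 'u2', organizationId: 'org-a', role: 'member', isOwner: false },
  { userId: 'u2', organizationId: 'org-b', role: 'admin', isOwner: false }
];

// Stand-in with the same (userId, organizationId) call shape as the page's helper.
async function isOrganizationAdmin(userId: string, organizationId: string): Promise<boolean> {
  return MEMBERSHIPS.some(
    (m) => m.userId === userId && m.organizationId === organizationId && m.role === 'admin'
  );
}

type RenameInput = { organizationId: string; name: string; isAdmin?: boolean };

// Hypothetical server action. sessionUserId is read from the server session;
// input is whatever the client sent, including a role flag it computed itself.
async function renameOrganization(sessionUserId: string, input: RenameInput): Promise<string> {
  // input.isAdmin is never consulted: the role is re-checked on the server
  // for the organization this request actually targets.
  const allowed = await isOrganizationAdmin(sessionUserId, input.organizationId);
  if (!allowed) {
    return `denied: ${sessionUserId} is not an admin of ${input.organizationId}`;
  }
  return `ok: ${input.organizationId} renamed to ${input.name}`;
}

// Constructed requests: an admin of org-a, a member of org-a whose client
// claims admin (u2 is admin only in org-b), and u2 acting on org-b.
async function runDemo(): Promise<string[]> {
  return Promise.all([
    renameOrganization('u1', { organizationId: 'org-a', name: 'Acme' }),
    renameOrganization('u2', { organizationId: 'org-a', name: 'Renamed', isAdmin: true }),
    renameOrganization('u2', { organizationId: 'org-b', name: 'Beta' })
  ]);
}

runDemo().then((results) => results.forEach((line) => console.log(line)));
```
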

Accessing memberships

On the server side, the context object has all the current user's memberships.

access-user-memberships-server-example.ts
const memberships = ctx.session.user.memberships;

The same pattern applies to the active organization's memberships.

access-organization-memberships-server-example.ts
const memberships = ctx.organization.memberships;

You can check the active organization memberships on the client using:

access-organization-memberships-client-example.tsx
'use client';

import { useActiveOrganization } from '~/hooks/use-active-organization';

export function ClientComponent() {
  const activeOrganization = useActiveOrganization();
  const memberships = activeOrganization.memberships;
}